Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Public IP "Passthrough" on Cisco 1751

Posted on 2005-03-28
6
Medium Priority
?
774 Views
Last Modified: 2010-10-05
We have a vendor who is setting up a kiosk at our location and they require internet access to the unit. There is a PC and an IP printer in the kiosk which are connected to a Cisco 831 VPN router. Our T1 terminates into a Cisco 1751 and we were hoping to use our existing bandwidth to provide connectivity for the kiosk, but I'm not sure how to make it happen.

The kiosk company's tech configured the VPN router to use one of our public IP addresses of 216.x.x.28 /28 with the same default gateway as we do for our internet access (216.x.x.17 /28) with 10.240.53.0/29 for the LAN side of the router.

We have a very basic configuration for our 1751 with 192.168.1.0 /24 for our LAN subnet. I will provide specific details if required...

My question is: How can I get all internet traffic directed at 216.x.x.28 /28 to route directly to the VPN router? Thank you so much for your assistance!
0
Comment
Question by:olhelp
  • 3
  • 2
6 Comments
 
LVL 13

Accepted Solution

by:
Dr-IP earned 840 total points
ID: 13649613
It seems like your router is using NAT (network address translation), and they configured their router to directly us one of your public IP addresses. If that is the case it’ simply not going to work. To get it to work they will need to configure their router with one of the 192.168.1.0 addresses, any you configure your router to forward all packets from that public address to the private one they are using on their router.  
0
 
LVL 11

Assisted Solution

by:-Leo-
-Leo- earned 160 total points
ID: 13649634
I would suggest you to use NAT for the kiosk 831 router. By the way, how this router connects to your 1721 ?
You can change address on 831 for the one from your subnet 192.168 and perform NAT on your 1721 to give 831 its address of 216.x.x.28 ...
0
 
LVL 1

Author Comment

by:olhelp
ID: 13649715
-Leo-, their 831 is connecting to our 1751 through a Cisco 2900 switch.

Dr-IP, I've heard that there are issues with combining VPN and NAT, but I don't know any specifics right off hand... any thoughts or experience with this type of configuration?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 13

Expert Comment

by:Dr-IP
ID: 13654018
There can be issues with it, but since you pool of public address instead of just a single IP address that needs to be shared with many computers it’s generally less problematic since the ports can be mapped 1 to 1, IE port 50 inside goes to port 50 outside instead of something like port 50 inside goes to port 1024 outside like frequently happens when you are a single address with multiple devices, which reeks havoc with VPNS.  
0
 
LVL 1

Author Comment

by:olhelp
ID: 13676479
Thanks for the response. I will try it tomorrow and let you know what happens (and award the points as necessry). Thanks!
0
 
LVL 1

Author Comment

by:olhelp
ID: 13684809
Funny how things work themselves out... As I was working with the vendor to get his VPN router changed, another issue came up with a web content filtering solution that we were implementing. It appears that the way our router was set up (especially NAT) causes all sorts of problems when other devices are introduced into the network. So we're going to redesign the network this weekend. Thanks for confirming that this current scenario had very little flexibility!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question